
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov



APPLICATION NO.: 09/237,016
FILING DATE: 01/25/1999
FIRST NAMED INVENTOR: LA VAUGHN F. WATTS JR.
ATTORNEY DOCKET NO.: 016295.0858
CONFIRMATION NO.: 9706

23640 7590 07/29/2005

BAKER BOTTS, LLP
910 LOUISIANA
HOUSTON, TX 77002-4995

EXAMINER: JACKSON, JENISE E
ART UNIT: 2131
PAPER NUMBER:

DATE MAILED: 07/29/2005



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary

Application No.: 09/237,016
Applicant(s): WATTS ET AL.
Examiner: Jenise E. Jackson
Art Unit: 2131



The MAILING DATE of this communication appears on the cover sheet with the correspondence address
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 4/7/05.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-3, 5-8, 10-13, 15-36 and 40-42 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-3, 5-8, 10-13, 15-36 and 40-42 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) [ ] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [ ] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08)
   Paper No(s)/Mail Date .
4) [ ] Interview Summary (PTO-413)
   Paper No(s)/Mail Date .
5) [ ] Notice of Informal Patent Application (PTO-152)
6) [ ] Other: .



U.S. Patent and Trademark Office
PTOL-326 (Rev. 1-04)
Office Action Summary
Part of Paper No./Mail Date 07192005



Application/Control Number: 09/237,016
Art Unit: 2131

DETAILED ACTION 
Claim Rejections - 35 USC §103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1-3, 5-8, 10-13 remain rejected under 35 U.S.C. 103(a) as being unpatentable 
over Angelo and (Authoritative Dictionary of IEEE Standards) and further in view of Lambert. 

3. As per claim 1, Angelo discloses a computer system(see fig. 1, sheet 1, and col. 4, lines 
39-40), a processor(102)(see fig. 1, sheet 1, and col. 4, lines 49-50), an access token
communicator(i.e. probe) for reading a token(i.e. smartcard)(see col. 6, lines 13-15, 33-36), an
input device(158) capable of being coupled to the processor(see fig. 1, sheet 1), the
input device being adapted to receive a security code(i.e. pin/plain text password)(see col. 3,
lines 40-41). The Examiner asserts that comparing the password to verification data on the
access token is inherent, because Angelo discloses that a password is entered once the token is
inserted (see col. 3, lines 40-48). Thus, if the two passwords match(i.e. verification data), then
this confirms that the user is authorized to use the access token(see col. 3, lines 46-48). Angelo
discloses a computer system access code and a nonvolatile storage device password integrated
within a set of security policies(see col. 3, lines 30-48, col. 13, lines 19-22). It would have been
obvious to one of ordinary skill in the art that if the security policy is altered the code and
password is inoperative, because the password and code are tied to the security policy(see col.
13, lines 19-22), and a user cannot gain access to the system without the password and code.

4. According to the Authoritative Dictionary of IEEE Standards, security level is defined as
a hierarchical level whose purpose is to indicate degree of sensitivity to a designated security 
threat. It indicates a specific level of protection as specified by the security policy being 
enforced(see pg. 1015). Thus, since Angelo discloses security levels, then Angelo discloses a
security policy. Angelo discloses security policies(i.e. security levels) that can require different 
levels of access to different resources by having different passwords(see col. 13, lines 19-22), 
thus access to the resources will be based on what password the user has been granted. 
Furthermore, Angelo discloses a software system executable on the processor, and including a 
system security process controlling operational access to the processor, because Angelo discloses 
that an access token communicator for reading data on the token and comparing the data that is 
inputted with data stored on the token. Thus, the comparison of the data, contains software 
inherent in order to verify the user to a particular resource. Also, Angelo discloses an access 
token and verification data(see col. 3, lines 33-38), setting security policies(i.e. levels), and 
controlling access to resources based on the security policies(i.e. levels)(see col. 13, lines 18-22).

5. The Examiner takes Official Notice that it is well-known in the art to have a software 
system that contains executable program code, the motivation is that the executable program 
code is a compiled program translated into machine code in a format that can be loaded into
memory and run by a computer's processor. Thus, the motivation of having executable program 
code is that it allows the software to run. 

6. Angelo does not disclose receiving a set of security policies from the access token in
the processor in response to verification data. Lambert discloses in response to verification data,
a set of security policies(i.e. levels) are received(see col. 2, lines 29-36, and col. 2, lines 4-16).
Further, Lambert controls access to resources based on security policies(i.e. levels)(see col. 2,
lines 43-44).

7. Both (Angelo and IEEE Standards) with Lambert disclose access control with smartcard. 
It would have been obvious to include the feature of Lambert that discloses in response to 
verification data, a set of security policies are received, with Angelo and IEEE standards. The 
motivation is that Lambert recognizes a problem when seeking to control access to application 
program modules where a number of different users are required to be allowed access to different
security modules(see col. 1, lines 48-51 of Lambert). Lambert also discloses the conventional 
approach is that a table lookup process scans a static list to determine the access authority of the 
user, and the user is given access to certain applications according to their determined authority 
level(see col. 1, lines 55-61 of Lambert). Thus, such conventional system relying on lookup 
tables of user authorities are vulnerable to breaches of security even if the applications 
themselves are held in protected form(see col. 1, lines 62-65 of Lambert). An unauthorized 
person may seek to add themselves to the list or to change their authority level within the list(see 
col. 1, lines 65-67 of Lambert). Therefore, Lambert provides a more protective measure of 
providing access to users by storing the access level on the card in the form of a key or 
dynamically generating the security policy once the user has typed in his/her PIN(see col. 2, lines 
29-36). 

8. Rejected under same basis as claim 1 and further, as per claim 2, Angelo discloses a
non-volatile storage device operably coupled to the processor(see fig. 1, sheet 1), and a non-volatile
storage device(see col. 5, lines 57-60) access password that selectively allows access to the
nonvolatile storage device, wherein the nonvolatile storage device password is supplied in
response to the access token reading device reading an access token and the input device
receiving valid verification data(see col. 7, lines 54-58, col. 8, lines 19-25, 37-40).

9. As per claim 3, Angelo discloses at least one of a set of policies(i.e. security levels) is 
stored within the nonvolatile storage device password(see col. 13, lines 12-14, 19-25, 34-43). 

10. As per claim 5, Angelo discloses that one of the one or more policies (i.e. levels)
corresponds to the verification data, because Angelo discloses that when the user enters different
passwords that are associated with different levels (i.e. policies) of access to the computer
system, and if the user's password matches the password stored on the token (i.e. verification
data), then the user is allowed access to certain resources based on the password that the user
receives (see col. 13, lines 19-23, 30-43).

11. As per claims 6-8, limitations have already been addressed see claim 1 and 15, further, 
the Examiner takes Official Notice that by having a security policy for bios control information 
is well-known, the motivation is that the user can change system settings and other configuration 
information dealing with the system. 

12. As per claims 10-11, Angelo discloses that the access token (i.e. smartcard) includes one 
or more bytes of data in a non-keyboard enterable format (i.e. biometrics)(see col. 7, lines 47-53).

13. As per claim 12, Angelo discloses wherein the verification data (i.e. password entered by 
way of biometrics) includes biometric data supplied by a user (see col. 7, lines 47-53). 

14. As per claim 13, Angelo discloses that the input device includes a keyboard for entering 
in the password, and the verification data includes a password (i.e. PIN) stored on the card (see 
col. 3, lines 40-48). 

15. Claims 15-25 are rejected under 35 U.S.C. 103(a) as being unpatentable over Lambert
and (Authoritative Dictionary of IEEE Standards) and further in view of Angelo. 

16. As per claim 15, limitations have already been addressed see claim 1. Further, 
limitations of claim 15, Lambert discloses a set of security policies associated with the operating 
system, the operating system operable to receive the security code for selectively enabling the 
security policies to limit access to the computer system(see col. 2, lines 32-50). Lambert fails to 
disclose operating system permitting access to the non-volatile storage device and one or more
processors if the security code match an authorization data stored in nonvolatile memory;
however, Angelo teaches that the security code(i.e. peripheral password) matches the
authorization data stored in non-volatile memory(see col. 3, lines 44-46). It would have been
obvious to combine Lambert with Angelo, to include the features of security policies(i.e. level),
the motivation is that Lambert teaches that in prior art a lookup table process scans a static list to
determine access authority of the user and the required security level(see col. 1, lines 58-61), and
further teaches that such conventional systems relying on lookup tables of user authorities are 
vulnerable to breaches of security(see col. 62-65). 

17. As per claim 16, Angelo discloses wherein the operating system includes a BIOS and 
wherein the BIOS is stored on nonvolatile memory that is electrically interconnected to the one 
or more processors (see col. 7, lines 15-22, fig. 1, sheet 1). 

18. As per claim 17, Angelo discloses the access token communication device includes a 
smart card communication device (see col. 6, lines 13-22, 33-36).

19. As per claim 18, Angelo discloses the access token communication device includes
network circuitry (i.e. adapted to receive signals) from one or more computers interconnected on 
a computer network (col. 5, lines 17-20, 51-53). 

20. As per claim 19, Angelo discloses the access token communication device includes a 
modem that receives signals from a communication line. 

21. As per claim 20, wherein the input device is a keyboard (159)(see fig. 1, sheet 1, col. 9,
lines 49-50).

22. As per claim 21, although Angelo does not expressly disclose a biometric reading
device; Angelo does disclose that the user can input information by using a biometric device (see
col. 7, lines 50-53). The Examiner takes Official Notice that a biometric reading device is
well-known, thus it would be obvious to have a biometric reader, because the motivation is that a
biometric reader allows one to read the biometric data input by the user.

23. As per claims 22-23, Although Angelo discloses a fingerprint scanner; a retinal scanning 
device(i.e. biometrics)(see col. 7, lines 50-53). 

24. As per claim 24, Angelo discloses the nonvolatile storage device includes a hard disk 
drive(see col. 5, lines 56-59). 

25. As per claim 25, Angelo discloses a data access code stored in the nonvolatile memory, 
wherein a data request code corresponding to the data access code alters a state of the nonvolatile 
storage device, because Angelo discloses that if the data request code corresponds to the data 
access code(i.e. peripheral password stored in storage), then the state is altered by unlocking the
storage device from locked to unlocked(see col. 9, lines 32-38, 43-48).

26. Claims 26-42 are rejected under 35 U.S.C. 103(a) as being unpatentable over Angelo
(Authoritative Dictionary of IEEE Standards), Lambert, and further in view of Avarne. 

27. As per claim 26, limitations have already been addressed see claim 1 and 15. Further, 
claim 26 rejected by Angelo for a nonvolatile storage device access password that selectively 
allows access to the nonvolatile storage device, wherein the nonvolatile storage device password 
is supplied in response to the access token reading device reading an access token and the input 
device receiving verification data. Angelo does not disclose a master password. However, 
Avarne discloses a master password(see col. 3, lines 24-42). 

28. It would have been obvious to combine Angelo with Avarne, the motivation to include a 
master password is that a master password allows unlocking an inadvertently locked token(see 
col. 1, lines 37-40 of Avarne). Therefore, the motivation to have a master password is that the 
master password seeks to provide a means for the unlocking of locked token which can avoid the 
need to return such tokens to their issuing authority while at the same time avoiding the possible 
dissemination of information useful for subverting their locking function(see col. 1, lines 52-57). 

29. As per claim 27-34 limitations have already been addressed see claims 1 and 15. 

30. As per claim 35, Angelo discloses that transferring one or more passwords from the 
access token to a computer system, because once the user enters the password, and the password 
is encrypted to produce a peripheral password, and this password is a system password that is 
combined with the password stored in memory (see col. 9, lines 33-35, 43-48). 

31. As per claim 36, Angelo discloses transferring is in response to an access code received 
by the access token, because Angelo discloses that the access code(i.e. password) is inputted by 
the user(see col. 3, lines 40-41), and then transferred to the computer system(see col. 3, lines 44-48).

32. As per claim 40, Angelo discloses wherein the one or more security policies(i.e. levels) 
are stored in an encrypted format, because based on the password that the user has entered is 
encrypted and this encrypted key has policies that are associated that allow a user to access 
certain resources or devices(see col. 3, lines 37-48, and col. 13, lines 18-26). Further, Microsoft 
Computer Dictionary defines a data stream to be a byte-by-byte flow of data(see pg. 110). 
Therefore, a data stream(i.e. password) is bytes of data. 

33. As per claims 41-42, recited the same limitations as claim 14, and further means for 
reading an access token, means for receiving an authentication password(i.e. peripheral 
password), means for verifying the validity of the access token based on the authentication 
password, means for unlocking a nonvolatile storage device on the computer(see col. 9, lines 13- 
38, 43-54). As per the limitation of security policies has already been addressed see claim 1 
above.

Response to Amendment 

34. The Applicant is arguing newly added limitations of a computer system access code and a 
nonvolatile storage device password integrated within a set of security policies such that 
alteration of the security policies renders the access code and password inoperative. It would 
have been obvious to one of ordinary skill in the art that if the security policy is altered the code 
and password is inoperative, because the password and code are tied to the security policy(see 
col. 13, lines 19-22), and a user cannot gain access to the system without the password and
code.

Final Action, Necessitated By Amendment

35. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.02(1)(3).
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 
1.136(a) will be calculated from the mailing date of the advisory action. In no event, however,
will the statutory period for reply expire later than SIX MONTHS from the mailing date of this 
final action. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jenise E Jackson whose telephone number is (571) 272-3791. 
The examiner can normally be reached on M-Th (6:00 a.m. - 3:30 p.m.) and alternate Fridays.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 